Overview
The Workspace contains Dashboards, a collection of ISA widgets used to visualize data for detailed analysis.
The pre-defined Dashboards contains a set of ISA widgets.
Dashboard
The following widgets are included as part of the default Dashboard view:
External Data Sources:
List of external data sources that has been provided by the Customer.
Enterprise Data Sources:
List of internal data sources that has been provided by the Customer.
Threat Feed Ranking:
Threats ranked by CVEs (common vulnerabilities and exposures) and IOCs (indicator of compromise).
Vulnerability Matrix:
Provides count of vulnerable hosts per listed CVE.
For more information, see Dashboards Interface.
Choosing the Dashboard View
You can select the Dashboard view that corresponds to your organizational role.
To choose the dashboard view
- From the Workspace select default Dashboard, click on the "Choose your Dashboard view" dropdown.
- On the right side of the screen select CISCO or Cyber Analyst.
The data in the widgets is populated and displayed in a manner best suited to the selected role.
Widget Settings
You can configure the widget settings to specify the display behavior of the widgets.
To configure the widget settings:
- From the Global Workspace default Dashboard, click on the widget settings gear graphic.
- Select from the options described below
Frequency:
Daily, Weekly and Monthly frequencies are selectable from the widgets.
Source/Feed:
Place a checkmark next to the available data sources for analysis.
EnhancedCISO Dashboard Widgets
Updated widgets can be added to this view to provide further visibilityBreach Detection
The CISO Breach Detection Dashboard provides a view across your enterprise. These widgets differ, This widget differs from the Analyst Dashboard Widgets by offering more detailed visibility across Business Units and Risk Scores. This provides a more meaningful and organized view of risk to transition quickly to the asset base. For example, the addition of the Business Units and Risk Score, provides a layer of visibility business units with the largest challenges.
The Risk Score is developed upon setup of ISA and represents a combination of asset type, criticality and value. These factors will be discussed in greater detail during the setup process.
Threat Feed Prioritization
In addition to Breach Detection, the Threat Feed Prioritization widget also provides an additional layer of threat visibility in order to measure result quality consistently. This view graphs IOC results, demonstrating trending. In a single view, you'll be able to see the aggregated view of all your feeds. So when it comes time for renewals, it is easy to confirm initial expectations against the ongoing value.
As shown in the table above, ISA lists the matched IOC's against the IOC Count (total # of IOC produced) identified in each feed. A higher ratio between these two numbers is used to drive the Confidence Level. As the number of IOC matches increases, relative to the IOC Count, results are assigned a High, Medium and Low assignment. This assignment is based on whether their allocation
| Confidence Level | Calculation |
|---|---|
| High | Top 25% |
| Medium | Top 50% |
| Low | Low 25% |
| Panel | ||||||
|---|---|---|---|---|---|---|
In this section:
|